My website is not one which has a purchased SSL Certificate and I’m using the free version of Cloudflare. Navigating to the “Crypto” menu, I enabled “Always use HTTPS” about an hour ago and it completely defaced the front page of the website.

Additionally, the URL bar in the Chrome browser displays the warning:

This page is trying to load scripts from unauthenticated sources.

And now there is an “https://” displayed before the name of the website for the front page, when there wasn’t one before.

If I navigate to any other page but the front page, everything appears to be fine.

I have tried disabling all plugins (website uses Wordpress) and Cloudflare (as well as restoring the settings to how they were before), but that has not fixed the issue. I’ve read that this is a SSL Mixed Content problem, but I don’t know where to go from there.

I have tried disabling all plugins (website uses Wordpress) and Cloudflare (as well as restoring the settings to how they were before), but that has not fixed the issue. I’ve read that this is a SSL Mixed Content problem, but I don’t know where to go from there.

I think this is something you need to fix in WordPress so that it doesn’t generate http links but refers all of the website’s resources with https.

Or you might want to try Cloudflare’s automatic HTTPS rewrites which can do that for you (unless you have external HTTP resources, which makes this harder/impossible):

Enabling “Automatic HTTPS Rewrites” results in the front page not looking as defaced as it was before, but it leads to all the images on the website no longer appearing, and not only those on the front page anymore. When that option is disabled, only the front page appears with an “https,” but enabled, it is all the pages, which I assume is the explanation.

I have reenabled "Automatic HTTPS Rewrites."The background image is not part of a plugin, but part of the theme. All plugins save for the Maintenace mode plugin and Wordpress Jetpack are currently disabled.

Chrome still has issues with your emoji though http://personacentral.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9 I had this issue once and I’ll ned to dig around a bit to remember how I fixed it…

Yes, your wp-admin page is in an infinite redirect now. This can happen if you’re using Flexible SSL and make URL changes in WP settings > general. This is sometimes fixed by installing this plugin. I’ve painted myself into this corner before whereby I needed to install that plugin but was unable to access wp-admin to do so. To get back into wp-admin I had to dive into the db and revert those URL changes back to just http, then put Cloudflare into development mode, navigate to the non-https wp-admin, and install the plugin… You could also potentially install the plugin via SFTP though I’m not sure if you can ‘activate’ it.

fluxwavez:

there is still an error message that says “This page is trying to load scripts from unauthenticated sources,” and that is worrying.

Okay, thank you. This was a mess, but I changed the website’s URL through the database, installed the plugin, changed the URL back to https, and I can now access both the front-end and the back-end.

I am using Chrome. Before, there would be a red alert notification to the far right of the address bar that would give that notice, but since I made the last changes, it’s no longer there. And there’s the green “Secure” lock too, now, so I guess the website now has a proper HTTPS connection.